Rule documentation

Learn everything about our rules, and how to leverage them to drive absolute quality in your development team.

62 articles in this collection
Written by Lorenzo Frattini and Gabriele Gallo Stampino
Security best practices

Import of sensitive fields in Lightning Web Components (LWC)

Written by Gabriele Gallo Stampino
Updated over a week ago

Direct DOM manipulation in Lightning Web Components (LWC)

Detect LWC templates that use direct DOM manipulation and bypass the secure Shadow DOM provided by Lightning Web Components.
Written by Gabriele Gallo Stampino
Updated over a week ago

Sensitive information storage

Detect when sensitive information, such as tokens and secrets, is stored insecurely.
Written by Gabriele Gallo Stampino
Updated over a week ago

Sensitive information logging

Inspect the data model definition, and ensure sensitive information isn’t logged or exposed unsafely to avoid data leaks.
Written by Gabriele Gallo Stampino
Updated over a week ago

Excessive data access permissions

Detects the use of "ViewAllData" and "ViewAllRecords" in profiles.
Written by Gabriele Gallo Stampino
Updated over a week ago

Subresource integrity

Detect subresource integrity vulnerabilities.
Written by Gabriele Gallo Stampino
Updated over a week ago

Content Security Policy (CSP)

Make sure that resources used by Visualforce or Lightning components are retrieved securely in accordance with your Content Security Policy.
Written by Lorenzo Frattini
Updated over a week ago

Insecure endpoints

Ensure HTTP callouts use secured endpoints (HTTPS) to protect your application and users from attack.
Written by Lorenzo Frattini
Updated over a week ago

Named credentials

Enforce using named credentials instead of manually hard-wiring credentials when performing HTTP requests.
Written by Lorenzo Frattini
Updated over a week ago

Randomization of cryptographic keys

Detect uses of cryptography with hard-wired keys, so that the security of encrypted data is not compromised.
Written by Lorenzo Frattini
Updated over a week ago
Coding best practices

Identify methods with global visibility

Detects methods that can be referenced from outside a managed package.
Written by Gabriele Gallo Stampino
Updated over a week ago

Asynchronous methods in loops

Prevent the use of asynchronous Apex methods (@future) inside loops, to help your application cope with larger volumes of data properly.
Written by Lorenzo Frattini
Updated over a week ago

Boundaries on SOQL statements

Ensure all SOQL statements are bound by either a LIMIT or a WHERE clause.
Written by Lorenzo Frattini
Updated over a week ago

Bulkification of triggers

Ensure your Apex triggers can process data in bulk and properly deal with larger volumes.
Written by Lorenzo Frattini
Updated over a week ago

Business logic in triggers

Detect the presence of non-trivial business logic inside Apex triggers.
Written by Lorenzo Frattini
Updated over a week ago

Metadata API recency

Ensure your components are up to date with a recent enough version of the Salesforce API.
Written by Lorenzo Frattini
Updated over a week ago

Multiple triggers per object

Detect multiple triggers on the same object, and prevent non-deterministic behaviours.
Written by Lorenzo Frattini
Updated over a week ago

Nested IFs

Keep your code easy to read and test by containing the use of nested conditional structures.
Written by Lorenzo Frattini
Updated over a week ago

Number of arguments per method

Limit the number of arguments allowed for each method to keep your code easy to read and maintain.
Written by Lorenzo Frattini
Updated over a week ago

Number of methods per class

Limit the number of methods allowed per Apex class, to encourage good design.
Written by Lorenzo Frattini
Updated over a week ago

Send email in loops

Prevent uses of Messaging.sendEmail inside loops, to reduce the risk of running into governor limits.
Written by Lorenzo Frattini
Updated over a week ago